A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

A minimal init system for Linux containers

Some out-of-the-box hooks for pre-commit

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Websockify is a WebSocket to TCP proxy/bridge. This allows a browser to connect to any application/server/service.

Knock Subdomain Scan

DNS Enumeration Script

Tool to scan for secret files on HTTP servers

A forensic evidence collection & analysis toolkit for OS X

Mozilla HTTP Observatory

Phishing catcher using Certstream

ODAT: Oracle Database Attacking Tool

🔒 Python 3.X client for HashiCorp Vault

Hi, I'm a library for interacting with GItHub's REST API in a convenient and ergonomic way. I work on Python 3.6+.

Builds malware analysis Windows VMs so that you don't have to.

A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

Distributed alerting for the masses!

Create tar/zip archives that can exploit directory traversal vulnerabilities

A post-exploitation OS X/Linux agent written in Python 2.7

A database of common, interesting or useful commands, in one handy referable form

Python deserialization library for Unity3D Asset format

Exploit written in Python for CVE-2018-15473 with threading and export formats

A swagger 2.0 spec extractor for flask

Egressbuster is a method to check egress filtering and identify if ports are allowed. If they are, you can automatically spawn a shell.

Subdomain Takeover Scanner | Subdomain Takeover Tool | by 0x94

💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002

Clone all of your Github repositories, just single command from your terminal.

Mittn: Security test tool runner for test automation in CI

a grep -r for secrets